How to Prevent Unvalidated Redirects and Forwards in Laravel

Introduction

When developing a Laravel application, security should be a top priority. One of the most common vulnerabilities that can put your users at risk is unvalidated redirects and forwards. These vulnerabilities occur when a user is redirected or forwarded to an untrusted URL without proper validation, which can be exploited by attackers to conduct phishing, session fixation, or other malicious activities.

In this blog post, we'll discuss how to identify and prevent unvalidated redirects and forwards in your Laravel applications, including practical coding examples and tips to enhance the security of your website.

What Are Unvalidated Redirects and Forwards?

An unvalidated redirect occurs when a user is sent to a URL that isn't properly checked for trustworthiness. For example, an attacker may trick a user into clicking a link that redirects them to a malicious site.

Similarly, unvalidated forwards happen when the application forwards a user to another resource without proper validation. Attackers can exploit this to bypass security checks or perform unauthorized actions.

Why Are They Dangerous?

Both unvalidated redirects and forwards can be exploited by attackers for various malicious purposes, including:

Phishing attacks: Redirecting users to fake websites to steal their personal information.

Session hijacking: Redirecting users to a page that steals their session data.

Malicious data exposure: Forwards to unauthorized resources.

How to Prevent Unvalidated Redirects and Forwards in Laravel

1. Use Laravel's Built-in Validation for Redirects

One of the simplest ways to avoid these vulnerabilities is to validate URLs before redirecting users. Laravel has a built-in url() method to ensure that the redirect URL is valid and within the allowed domain.

Here’s how you can implement a secure redirect:

use Illuminate\Support\Facades\Redirect; public function redirectToInternalPage($path) { $validPaths = ['/home', '/dashboard', '/profile']; // Allowed paths if (in_array($path, $validPaths)) { return Redirect::to($path); } else { return abort(403, 'Unauthorized redirect.'); } }

This approach ensures that users can only be redirected to predefined paths within your application.

2. Validate External Redirects

If your application needs to redirect users to external URLs, ensure that the redirect destination is trusted. A basic way to achieve this is by checking if the destination URL belongs to a trusted domain:

use Illuminate\Support\Facades\Redirect; use Illuminate\Support\Str; public function redirectToExternalSite($url) { $trustedDomains = ['trustedsite.com', 'anothertrusted.com']; $host = parse_url($url, PHP_URL_HOST); if (in_array($host, $trustedDomains)) { return Redirect::to($url); } else { return abort(403, 'Untrusted redirect destination.'); } }

This will prevent users from being redirected to malicious websites, as the app only allows URLs from trusted domains.

3. Implement URL Whitelisting

Another preventive measure is to implement URL whitelisting. This approach limits the URLs that users can be redirected to, ensuring that they are only sent to trusted destinations.

public function validateRedirect($url) { $whitelistedUrls = ['https://example.com', 'https://secure.com']; if (in_array($url, $whitelistedUrls)) { return Redirect::to($url); } else { return redirect('/home')->with('error', 'Invalid redirect attempt.'); } }

4. Use Redirect::secure() for HTTPS Redirects

To avoid redirection to unsecure HTTP links, always use secure redirects. You can ensure that the user is redirected to a secure HTTPS URL by using Redirect::secure():

return Redirect::secure('/dashboard');

This method forces the redirect to be on an HTTPS connection, enhancing the security of your application.

Preventing Vulnerabilities with Tools

It’s essential to regularly assess your website’s security. For that, you can use our Free Website Security Scanner tool to identify vulnerabilities like unvalidated redirects and forwards.

Visit our tool to get started. Below is a screenshot of the tool's homepage for your reference.

Additionally, after running a scan, you will receive a detailed vulnerability assessment report to check Website Vulnerability, helping you pinpoint areas that need attention.

Conclusion

Unvalidated redirects and forwards are serious security vulnerabilities that can jeopardize your Laravel application. By following the methods outlined in this post, you can secure your application and protect your users from phishing, session fixation, and other malicious activities.

Remember to keep your Laravel application up to date and utilize our free tool for Website Security tests to conduct regular assessments and stay ahead of potential threats.

For more tips and tutorials on securing your Laravel application, visit our blog at Pentest Testing Corp Blog.

Crafting Clean and Maintainable Code with Laravel's Design Patterns

In today's fast-paced world, building robust and scalable web applications is crucial for businesses of all sizes. Laravel, a popular PHP framework, empowers developers to achieve this goal by providing a well-structured foundation and a rich ecosystem of tools. However, crafting clean and maintainable code remains paramount for long-term success. One powerful approach to achieve this is by leveraging Laravel's built-in design patterns.

What are Design Patterns?

Design patterns are well-defined, reusable solutions to recurring software development problems. They provide a proven approach to structuring code, enhancing its readability, maintainability, and flexibility. By adopting these patterns, developers can avoid reinventing the wheel and focus on the unique aspects of their application.

Laravel's Design Patterns:

Laravel incorporates several design patterns that simplify common development tasks. Here are some notable examples:

Repository Pattern: This pattern separates data access logic from the business logic, promoting loose coupling and easier testing. Laravel's Eloquent ORM is a practical implementation of this pattern.

Facade Pattern: This pattern provides a simplified interface to complex functionalities. Laravel facades, like Auth and Cache, offer an easy-to-use entry point for various application functionalities.

Service Pattern: This pattern encapsulates business logic within distinct classes, promoting modularity and reusability. Services can be easily replaced with alternative implementations, enhancing flexibility.

Observer Pattern: This pattern enables loosely coupled communication between objects. Laravel's events and listeners implement this pattern, allowing components to react to specific events without tight dependencies.

Benefits of Using Design Patterns:

Improved Code Readability: Consistent use of design patterns leads to cleaner and more predictable code structure, making it easier for any developer to understand and modify the codebase.

Enhanced Maintainability: By separating concerns and promoting modularity, design patterns make code easier to maintain and update over time. New features can be added or bugs fixed without impacting other parts of the application.

Increased Reusability: Design patterns offer pre-defined solutions that can be reused across different components, saving development time and effort.

Reduced Complexity: By providing structured approaches to common problems, design patterns help developers manage complexity and write more efficient code.

Implementing Design Patterns with Laravel:

Laravel doesn't enforce the use of specific design patterns, but it empowers developers to leverage them effectively. The framework's built-in libraries and functionalities often serve as implementations of these patterns, making adoption seamless. Additionally, the vast Laravel community provides numerous resources and examples to guide developers in using design patterns effectively within their projects.

Conclusion:

By understanding and applying Laravel's design patterns, developers can significantly improve the quality, maintainability, and scalability of their web applications. Clean and well-structured code not only benefits the development team but also creates a valuable asset for future maintenance and potential growth. If you're looking for expert guidance in leveraging Laravel's capabilities to build best-in-class applications, consider hiring a Laravel developer.

These professionals possess the necessary expertise and experience to implement design patterns effectively, ensuring your application is built with long-term success in mind.

FAQs

1. What are the different types of design patterns available in Laravel?

Laravel doesn't explicitly enforce specific design patterns, but it provides functionalities that serve as implementations of common patterns like Repository, Facade, Service, and Observer. Additionally, the framework's structure and libraries encourage the use of various other patterns like Strategy, Singleton, and Factory.

2. When should I use design patterns in my Laravel project?

Design patterns are particularly beneficial when your application is complex, involves multiple developers, or is expected to grow significantly in the future. By adopting patterns early on, you can establish a well-structured and maintainable codebase from the outset.

3. Are design patterns difficult to learn and implement?

Understanding the core concepts of design patterns is essential, but Laravel simplifies their implementation. The framework's built-in libraries and functionalities often serve as practical examples of these patterns, making it easier to integrate them into your project.

4. Where can I find more resources to learn about design patterns in Laravel?

The official Laravel documentation provides a good starting point https://codesource.io/brief-overview-of-design-pattern-used-in-laravel/. Additionally, the vast Laravel community offers numerous online resources, tutorials, and code examples that delve deeper into specific design patterns and their implementation within the framework.

5. Should I hire a Laravel developer to leverage design patterns effectively?

Hiring a Laravel developer or collaborating with a laravel development company can be advantageous if you lack the in-house expertise or require assistance in architecting a complex application. Experienced developers can guide you in selecting appropriate design patterns, ensure their proper implementation, and contribute to building a robust and maintainable codebase.

Laravel Beyond Basics: Advanced Techniques for Superior App Performance

Laravel Beyond Basics: Advanced Techniques for Superior App Performance

Introduction:

In the world of web application development, Laravel has firmly established itself as a leading PHP framework. Its elegance, simplicity, and developer-friendly nature have made it a top choice for companies seeking to build robust and efficient web applications. At Wama Technology, a leading Laravel App Development Company in USA, we've mastered the art of taking Laravel beyond basics, leveraging advanced techniques to ensure superior app performance.

In this blog, we'll explore some of the most advanced techniques that our Laravel App developers employ to build high-performance applications. We'll delve into optimization, scalability, and best practices that elevate Laravel application development to the next level.

The Importance of Advanced Techniques

Before we dive into the advanced techniques, let's understand why they are crucial. While Laravel simplifies many aspects of web development, building a high-performance application requires a deeper understanding of the framework and its underlying technologies. As a Laravel App Development Company, we recognize the significance of advanced techniques in achieving superior app performance.

Laravel Performance Optimization

1. Caching Strategies

Caching is a fundamental technique for improving application speed. Laravel provides support for various caching drivers such as Redis and Memcached. Our Laravel App developers carefully select and configure the appropriate caching strategy to reduce database queries and improve response times significantly.

2. Database Optimization

Efficient database queries are at the core of a performant application. We optimize SQL queries using Laravel's query builder, Eloquent ORM, and database indexing. These techniques help reduce query execution times and enhance overall application responsiveness.

3. Leveraging Content Delivery Networks (CDNs)

To speed up the delivery of static assets like images, stylesheets, and scripts, we integrate CDNs seamlessly into Laravel applications. This reduces server load and minimizes latency for users, especially those geographically distant from the hosting server.

Scalability

4. Load Balancing

For high-traffic applications, distributing incoming requests across multiple servers is essential. We implement load balancing solutions to ensure that the application can handle increased traffic without compromising on performance.

5. Microservices Architecture

Breaking down an application into smaller, interconnected services allows for better scalability and flexibility. Laravel's API support makes it easier to create and manage microservices, enabling rapid scaling when needed.

Best Practices

6. Code Optimization

We adhere to coding best practices such as using dependency injection, service providers, and facades effectively. This not only enhances the maintainability of the codebase but also contributes to better application performance.

7. Lazy Loading

Laravel's Eloquent ORM supports lazy loading relationships, which means related data is only loaded when needed. This prevents unnecessary database queries, resulting in faster response times.

Laravel App Development Company in the USA

At Wama Technology, our team of Laravel App developers has honed their skills through years of experience, delivering top-notch Laravel applications to clients across various industries. We take pride in being a Laravel App Development Company in the USA that not only follows best practices but also pushes the boundaries of what Laravel can achieve.

Conclusion

Building a high-performance Laravel application requires going beyond the basics. It demands a deep understanding of the framework, its ecosystem, and the ability to leverage advanced techniques effectively. As a leading Laravel App Development Company in the USA, we are committed to delivering superior app performance for our clients. If you're looking to take your Laravel application to the next level, contact us at Wama Technology, and let's discuss how we can make it happen.

In this blog, we've only scratched the surface of the advanced techniques we employ. Superior app performance is a journey, and we're here to guide you every step of the way. Whether it's optimizing your existing Laravel application or starting a new project from scratch, trust Wama Technology to deliver excellence in Laravel app development.

Use Laravel’s Illuminate Database Query Builder With WordPress

I’ve been working on Smolblog, a social web blogging app. To help me get to a minimally viable product sooner, I’ve been building it on top of WordPress. However, WordPress is built exclusively for the MySQL database, and I eventually want Smolblog to work with many different databases, especially SQLite. This means, for my own code, I need to abstract the database away.

The first pass I had at this was to simply have Query objects and services to handle those. This would effectively abstract away the entire data layer, making it completely system-agnostic. It wouldn’t even need to be a traditional database. But as I built this system out, I was making more and more assumptions about what the database and data code would look like. And while the database code was all abstracted away, I still had to write it. A lot of it. And every line I wrote using $wpdb was another line I’d have to rewrite someday.

I’ve been looking at other frameworks to use, and Laravel is by far the strongest contender. Their approach to dependency injection and services seems to line up well with how I’ve organically built Smolblog to this point. So when I found out that their database abstraction layer also included a way to use the library without taking on the entire Laravel framework, I decided to make “someday” today.

Prerequisites

Composer: While you can use this library without using Composer, it’s very much not recommended. That being said, if you’re using this in a plugin for general use or otherwise don’t have control over your entire WordPress environment, be sure to use Mozart or some other tool to isolate the namespaces of your dependencies.

Populated database constants: Some of the more modern WordPress setups use a connection string or other way to connect to MySQL. I didn’t find a way to get that information out of the $wpdb constant, so this code relies on having DB_HOST and other constants from wp-config.php defined.

PDO::MySQL: Illuminate DB uses PDO to handle databases, so you’ll need to make sure your PHP server has the PDO::MySQL extension installed. I’m using the official PHP image, so I needed to add these two lines to my Dockerfile:

RUN docker-php-ext-install pdo_mysql RUN docker-php-ext-enable pdo_mysql

Step 1: Dependency Injection

We’re going to use dependency injection to separate creating the database connection from using the database connection. This way the database connection can change without as much code changing.

The documentation for Laravel’s query builder involves calling their DB facade, a global class that calls a singleton instance. Digging through the documentation and code, it looks like the underlying class conforms to the Illuminate\Database\ConnectionInterface interface. So that’s what we’ll use in our service’s constructor:

use Illuminate\Database\ConnectionInterface; class ContentEventStream implements Listener { public function __construct( private ConnectionInterface $db, ) { } }

Inside the service, we’ll follow the documentation, replacing any use of the DB facade with our $db object:

$this->db->table('content_events')->insert(['column' => 'value']);

Step 2: Connection Factory

Now that we know what we need, we need to create it.

The README for the Illuminate Database package has good starting instructions. We’ll combine those with data from wp-config.php and $wpdb:

use Illuminate\Database\Capsule\Manager; use Illuminate\Database\ConnectionInterface; function getLaravelConnection(): ConnectionInterface { global $wpdb; $capsule = new Manager(); $capsule->addConnection( [ 'driver' => 'mysql', 'host' => DB_HOST, 'database' => DB_NAME, 'username' => DB_USER, 'password' => DB_PASSWORD, 'charset' => DB_CHARSET, 'prefix' => $wpdb->prefix, ] ); return $capsule->getConnection(); }

(As mentioned, we’re pulling the connection information straight from configuration. If you know how to get it from $wpdb, let me know!)

The prefix property on the connection works much the same way as WordPress' table prefix. Since we’re using the connection object to also build our queries, it will add the prefix to our queries automatically. Using this property will also use the correct tables for blogs in multisite, so data from one blog doesn’t leak into another.

For Smolblog, I only want one set of tables regardless of multisite. I also want to prefix the Smolblog-specific tables, mostly so they’re all in one place when I’m scrolling. So my prefix property looks like this:

$capsule->addConnection( [ // ... 'prefix' => $wpdb->base_prefix . 'sb_', ] );

Because I don’t want a global object or the Eloquent ORM, I can ignore the rest of the setup from the project README.

Finally, we’ll want to store this created object somewhere central. Smolblog uses a simple dependency injection container, so we’ll store it there. The first time a service that needs a database connection is created, the container will run this function and provide the object.

(Honestly, the container probably deserves a blog post of its own; you can look at the source code in the meantime.)

Step 3: Update the Schema

We have our code to build queries. We have our connection to the database. The only thing we need now is the actual tables for the database.

Here is where we can use WordPress to its full extent. We will be using the dbDelta function in particular. This will tie into WordPress' existing system for updating the database structure alongside WordPress itself.

Some plugins tie this migration code to an activation hook, but we want to be able to modify the tables even after the plugin is activated. So our process will look like this:

Loop through the different tables we will need.

Check the blog options for a schema version.

If the version matches what we have in code, we’re up-to-date. Skip to the next table.

Pass the new table schema to dbDelta and let it do its thing.

Save the schema version to blog options.

Rinse and repeat for each table.

At this point, I should bring up some of the caveats with the dbDelta function. The comments on the WordPress documentation are invaluable here, especially as they point out a few things that need to be consistent with our schemas.

Because there’s so many things that need to be consistent, we’ll isolate the unique parts of our table schemas to two things:

A name. Because every table needs one. We will declare it without the prefix.

The fields excluding the primary key. We can have UNIQUE indexes on other fields for a similar effect, but every table will have an auto-incrementing id field.

A series of values keyed to short strings? That sounds like an array! Here’s part of what Smolblog’s schema array looks like:

class DatabaseHelper { public const SCHEMA = [ 'content_events' => <<<EOF event_uuid varchar(40) NOT NULL UNIQUE, event_time varchar(30) NOT NULL, content_uuid varchar(40) NOT NULL, site_uuid varchar(40) NOT NULL, user_uuid varchar(40) NOT NULL, event_type varchar(255) NOT NULL, payload text, EOF, 'notes' => <<<EOF content_uuid varchar(40) NOT NULL UNIQUE, markdown text NOT NULL, html text, EOF, ]; public static function update_schema(): void { foreach ( self::SCHEMA as $table => $fields ) { self::table_delta( $table, $fields ); } } //... }

A brief aside: Smolblog uses UUIDs for its unique identifiers, and they’re stored here as full strings in fields ending with _uuid. I ran into trouble storing them as bytes, and something in WordPress would frequently mess with my queries when I had fields named things like user_id and site_id. I’m noting this here in case you run into the same things I did.

When WordPress loads the plugin, it will call the update_schema function declared here. That function loops through the array, extracts the table name and fields, and passes them to this function:

public static function table_delta( string $table, string $fields ): void { global $wpdb; $table_name = $wpdb->base_prefix . 'sb_' . $table; $charset_collate = $wpdb->get_charset_collate(); $sql = "CREATE TABLE $table_name ( id bigint(20) NOT NULL AUTO_INCREMENT, $fields PRIMARY KEY (id) ) $charset_collate;"; if ( md5( $sql ) === get_option( $table . '_schemaver', '' ) ) { return; } require_once ABSPATH . 'wp-admin/includes/upgrade.php'; dbDelta( $sql ); update_option( $table . '_schemaver', md5( $sql ) ); }

This function takes care of the boilerplate we talked about earlier and runs the steps:

It creates the table name using the same pattern as before: the base prefix plus sb_.

It creates a CREATE TABLE SQL statement using the table name and fields. (It’s okay to build a SQL query this way because all of the data is coming from constants inside the PHP file; none of it is coming from form data or other untrusted sources.)

It takes the MD5 hash of the SQL statement and compares that to the saved option for this table. The hash will change when the code changes, so this is a quick way to keep our code and database in-sync.

If the database needs to be updated, it requires the correct file from WordPress Core and runs the dbDelta function.

Finally, it saves the MD5 hash to the blog options so we know what version the database is on.

By calculating the version using the hash of the actual SQL, we don’t have to worry about whether some other version number has been updated. This may or may not be the approach you want to take in a production application, but it has proven very useful in development. This is the same idea as using the filemtime function as the “version number” of static CSS and JavaScript in your theme.

So there we have it. We’ve used the connection information in WordPress to hook up a Laravel database connection. And at some point in the future, it’ll be that much easier to let Smolblog work with SQLite which will in turn let Smolblog work on even more web hosts. And you can use this to do whatever you want! Maybe you just wanted to transfer some skills from Laravel to WordPress. Maybe you’re just in it for the academic challenge.

One thing you can do with this is unit-test your services using an in-memory SQLite database… and I’ll leave you with that.

final class DatabaseServiceUnitTest extends \PHPUnit\Framework\TestCase { private \Illuminate\Database\Connection $db; private DatabaseService $subject; protected function setUp(): void { $manager = new \Illuminate\Database\Capsule\Manager(); $manager->addConnection([ 'driver' => 'sqlite', 'database' => ':memory:', 'prefix' => '', ]); $manager->getConnection()->getSchemaBuilder()->create( 'content_events', function(\Illuminate\Database\Schema\Blueprint $table) { $table->uuid('event_uuid')->primary(); $table->dateTimeTz('event_time'); $table->text('payload'); } ); $this->db = $manager->getConnection(); $this->subject = new DatabaseService(db: $this->db); } public function testItPersistsAContentEvent() { $event = new class() extends ContentEvent { public function __construct() { parent::__construct( id: Identifier::fromString('8289a96d-e8c7-4c6a-8d6e-143436c59ec2'), timestamp: new \DateTimeImmutable('2022-02-22 02:02:02+00:00'), ); } public function getPayload(): array { return ['one' => 'two', 'three' => 'four']; } }; $this->subject->onContentEvent($event); $expected = [ 'event_uuid' => '8289a96d-e8c7-4c6a-8d6e-143436c59ec2', 'event_time' => '2022-02-22T02:02:02.000+00:00', 'payload' => '{"one":"two","three":"four"}', ]; $this->assertEquals((object)$expected, $table->first()); $this->assertEquals(1, $table->count()); } }

Understanding Service Providers in Laravel: A Crucial Role in Application Bootstrapping

Introduction

Laravel Development Company India, an open-source PHP framework, has gained immense popularity due to its elegant syntax and powerful features for building web applications. One of the key components that make Laravel flexible and extensible is its Service Providers. In this blog post, we will delve into the world of Laravel Service Providers, their significance, and how they play a crucial role in the application's bootstrapping process.

What are Service Providers in Laravel?

In Laravel, Service Providers are essential components that allow developers to register services into the application's service container, which in turn enables dependency injection and facilitates the efficient management of dependencies throughout the application. Service Providers play a pivotal role in binding interfaces to concrete implementations, making it easier to manage application services and third-party libraries.

Role and Significance of Service Providers

Service Registration:

Service Providers are responsible for registering various services into the Laravel application. During the application bootstrapping process, Laravel loads all the registered service providers to make the required services available throughout the application's lifecycle. This registration step sets the foundation for using the application's features and functionalities seamlessly.

Dependency Injection:

Dependency Injection (DI) is a core principle in Laravel and plays a significant role in making the application more maintainable and testable. Service Providers enable DI by associating an interface with a specific implementation class. When a service is requested from the container, Laravel resolves the appropriate implementation, allowing developers to easily switch and test different implementations without altering the existing codebase.

Facades and Aliases:

Service Providers also facilitate the use of Facades in Laravel Development Agency India. Facades provide a convenient way to access services from the container without the need to explicitly resolve them each time. The Service Providers register these Facades, enabling developers to use expressive and readable syntax to interact with complex functionalities in the application.

Configuration Binding:

Laravel's configuration system is powerful and flexible. Service Providers are instrumental in binding configuration files to the application, allowing developers to access configuration values easily through the configuration facade or by injecting the configuration directly into classes.

Third-Party Integrations:

Many Laravel applications use third-party packages to enhance functionality. Service Providers offer an elegant way to integrate these packages into the application. Package authors can create Service Providers that handle the necessary bindings and configurations, simplifying the integration process for end-users.

Deferred Service Providers:

In certain cases, loading all service providers during application bootstrapping might be unnecessary and resource-consuming. Laravel allows for Deferred Service Providers, which are only loaded when specific services are requested, optimizing the application's performance by loading only what is needed.

Conclusion

In conclusion, Laravel Web Development Company in india Service Providers play a crucial role in the application's bootstrapping process and overall architecture. They facilitate the registration of services, dependency injection, aliasing, and configuration binding, making it easier to manage and organize dependencies in a Laravel application.

By leveraging Service Providers, developers can effectively integrate third-party packages, improve code maintainability, and enhance the overall testability of the application. Laravel's robust architecture, combined with the power of Service Providers, has made it one of the most preferred frameworks for web application development.

As you continue your journey in Laravel development, understanding and mastering the use of Service Providers will undoubtedly unlock new possibilities and help you build even more sophisticated and feature-rich applications. Happy coding!

Laravel Beginner tutorial | Laravel Facade - simplest explanation - Laravel

Laravel Beginner tutorial | Laravel Facade – simplest explanation – Laravel

Laravel Beginner tutorial | Laravel Facade – simplest explanation – Laravel

[ad_1]

Simplest Explanation of Laravel Facades. Implement your own Facade. What is Laravel Facades.

Full course at https://bitfumes.com/courses/laravel/laravel-for-beginner-from-download-to-deploy

Check https://bitfumes.com For ads free and more advanced courses (use Coupon code WELCOME60 to get 60% discount)

Join Our…

View On WordPress

What’s New in Laravel 9.0 – New Features & Updates

Laravel is a popular open-source PHP web application framework known for its elegant syntax. It is an MVC framework that adheres to the MVC architectural pattern (model-view-controller) precisely and can be used to develop simple to sophisticated web applications in PHP. In recent years, Laravel has become one of the most widely used PHP frameworks for building robust and distinctive online projects. Laravel will now release new versions around every 12 months rather than on a six-monthly basis.

What’s Laravel 9?

The most recent version, Laravel 9, has a lot of new features. The first long-term support (LTS) release to be issued after the 12-month release cycle is Laravel 9, which was delayed to January 2022. PHP versions 8.0 and 8.1 are supported by Laravel 9, which provides two years of bug fixes and three years of security (will receive security fixes until February 2025).

Let's look at the improvements and new features included in Laravel's next major version.

Minimum PHP Requirement: For testing, Laravel 9 needs the most recent versions of PHP 8 and PHPUnit. This is due to the fact that Laravel 9 will use the most recent Symfony v6.0, which also needs PHP 8.

Symfony Mailer: You can easily start sending email through the local or cloud-based service of your choosing thanks to Symfony Mailer's drivers for SMTP, Mailgun, Postmark, Amazon SES, and Sendmail.

Flysystem 3.0: You are shielded against vendor lock-in with the fly system. It is a PHP library for file storage. It offers a single interface for interacting with many file system types.

Anonymous Stub Migration: It resolves a GitHub problem with duplicate migration class names. To take advantage of this functionality in Laravel 8, named migration classes are also backwards-compatible.

PHP 8 String Functions: When a string is found in another string, the function determines whether it is contained there and produces a boolean result (true/false).

Let's look at what's new in Laravel 9 and why you should migrate from Laravel 8 to Laravel 9.

Symfony Mailer:

For your mobile application, Laravel 9 has switched from the SwiftMailer library to the Symfony Mailer library, which offers more consistency.

Default HTTP Client Timeout:

For HTTP clients, Laravel 9 has a default timeout of 30 seconds. This action will assist in preventing hangs that happened with the previous version.

Flysystem 3.0:

Flysystem 1. x has been replaced by Flysystem 3. x in Laravel version 9. x, which now powers the Storage facade's file manipulation methods.

How to Install the Latest Laravel 9.0

The methods shown below will assist you in upgrading to Laravel 9 and walk you through the straightforward installation process.

Step:1  Create a Laravel project using the below command:

composer create-project –prefer-dist laravel/laravel laravel-9-dev test-laravel9

Step: 2  If you have a Laravel installation, proceed to the next step.

laravel new laravel-9-dev –dev

Step: 3  After installing Laravel 9, use this command to check your version.

cd dev-laravel9

PHP artisan –version

Benefits of Hire Laravel Team from XcelTec:

The talented Laravel developers at Xceltec are experts in all facets of building bespoke websites and mobile-based applications. Our team of Laravel developers has experience in Laravel website design, development, and modification, making the website speedy and easy to use.

We can also provide you with a website solution for PHP application development. Choose our talented and experienced web development team for your specific project needs.

Summary:

This blog details the features of Laravel 9 and what to look forward to in upcoming updates. It also covered installing the latest Laravel 9 and app development with it. You may quickly create web apps with this latest Larave sl 9 edition.

Since TopDevelopers.co is fully aware that XcelTec offers world-class bespoke app development services, Xceltec has been included as one of the top mobile app development companies.

Visit to explore more on What’s New in Laravel 9.0 – New Features & Updates

Get in touch with us for more! 

Contact us on:- +91 987 979 9459 | +1 919 400 9200

Email us at:- [email protected]

How to perform CURL requests using ixudra/curl in Laravel

Laravel's ixudra package offers an effective method for making HTTP requests using curl. Use curl to send get and post requests by performing the following actions: - Install the package ixudra/curl. - Adjust the installed package's settings. - In your controller code, import the class. - Use curl to send get and post requests.

Install the ixudra/curl package

Installing ixudra/curl for your application using a composer command is possible and is demonstrated below: composer require ixudra/curl

Configure the installed package

Your app.php file should now include the providers and aliases. The config directory must contain the app.php file. 'providers' => , 'aliases' => 

Import the class in your controller

You must include the class in your controller file as shown below in order to add it to your controller: use IxudraCurlFacadesCurl;

Usage

Create a method called getCurl() in the controller where you wish to implement the curl . Note: You can give the method whatever name you choose, but getCurl() is used in this example. Get request Let's use this package to make a get() request. public function getCURL() { ＄response = Curl::to('https://jsonplaceholder.typicode.com/posts') ->get(); dd(＄response); } The get request is sent in the code above using the Curl:: facade and the to() method, and the response is then dumped. In your situation, you might wish to execute the logic necessary for your application rather than dumping the result. Post request public function getCURL() {     ＄response = Curl::to('https://example.com/posts')                 ->withData()                 ->post();     dd(＄response); } The post request is made in the code above using the to() method, and the withData parameter specifies what data must be provided. The response is dropped once more. The put request in the code above can be replaced with the patch, put, or delete requests. Read the full article

How to create facade in laravel

How to create facade in laravel

Hello buddy, in this article we will learn about how to create a facade in laravel or you can say a custom facade in laravel. But before creating a facade, do you know what is facade in laravel ? In simple language, I must say In a Laravel application, a facade is a class that provides access to an object from the container. Follow the below steps to create facade in laravel Create Class…

View On WordPress

Preventing LDAP Injection Vulnerabilities in Laravel

Introduction

In today’s cybersecurity landscape, web applications are frequently targeted by malicious actors using various injection techniques. One of the most dangerous is LDAP injection, which can allow attackers to manipulate Lightweight Directory Access Protocol (LDAP) queries, potentially compromising sensitive data. If you are developing applications with Laravel, it’s essential to be aware of this vulnerability and implement the necessary safeguards.

In this blog post, we will discuss what LDAP injection is, how to prevent it in Laravel applications, and how our free tool can help to check website vulnerability and secure your website.

What is LDAP Injection?

LDAP injection is a form of attack where the attacker injects malicious code into an LDAP query to manipulate the results returned by the server. The attack typically occurs when user input is improperly sanitized, allowing the attacker to alter the structure of the LDAP query.

For example, consider an authentication mechanism where the user submits a username and password. If the input is not sanitized, an attacker could manipulate the query to authenticate as any user.

How LDAP Injection Works

Here’s a simple example of an LDAP query in Laravel that could be vulnerable to injection:

$ldapConnection = ldap_connect("ldap://localhost"); $dn = "uid=$username,dc=example,dc=com"; $filter = "(uid=$username)"; $search = ldap_search($ldapConnection, $dn, $filter);

If an attacker provides input like admin)(&(|(password=password, the $filter string will become:

$filter = "(uid=admin)(&(|(password=password)";

This could result in unintended behavior, such as returning all records in the LDAP database.

How to Prevent LDAP Injection in Laravel

To secure your Laravel application against LDAP injection, you should follow these best practices:

Sanitize User Input: Always sanitize user input before passing it to LDAP queries. You can use Laravel’s built-in validation and sanitization features.

Use Prepared Statements: Prepared statements ensure that the user input is treated as data rather than executable code. Laravel’s query builder and Eloquent ORM can help mitigate these risks in other contexts, but for LDAP, it’s essential to sanitize properly.

Limit User Input Length: Restrict the length of input fields like usernames and passwords to prevent overflows or other attack vectors.

Use Strong Authentication: Implement multi-factor authentication (MFA) to add an additional layer of security, even if LDAP injection is successful.

Monitor Logs for Unusual Activity: Regularly check the logs for any suspicious activity related to LDAP queries, such as unexpected characters or patterns in the username.

Example: Secure LDAP Query in Laravel

Below is an example of a more secure way to handle LDAP queries in Laravel using proper input validation:

use Illuminate\Support\Facades\Validator; public function authenticate(Request $request) { $validator = Validator::make($request->all(), [ 'username' => 'required|string|max:255', 'password' => 'required|string|min:8', ]); if ($validator->fails()) { return response()->json(['error' => 'Invalid input'], 400); } $username = htmlspecialchars($request->input('username')); $password = $request->input('password'); $ldapConnection = ldap_connect("ldap://localhost"); $dn = "uid=$username,dc=example,dc=com"; $filter = "(uid=" . ldap_escape($username, "", LDAP_ESCAPE_FILTER) . ")"; $search = ldap_search($ldapConnection, $dn, $filter); // Further LDAP authentication code }

In this example, we use htmlspecialchars() to sanitize the username and ldap_escape() to ensure the username is properly encoded before being included in the LDAP query.

How Our Free Tool Can Help

To help identify LDAP injection vulnerabilities in your website, we have a Free Website Security Scanner. Our tool performs a detailed security audit and can detect potential LDAP injection vulnerabilities, along with other common issues like SQL injection, cross-site scripting (XSS), and more.

Here’s a screenshot of the tool in action:

Screenshot of the free tools webpage where you can access security assessment tools.

Vulnerability Assessment Report

After scanning your website with our tool for a website security test, you’ll receive a detailed vulnerability assessment report. This will include findings on LDAP injection risks, along with suggestions for remediation. Here’s a sample report:

An Example of a vulnerability assessment report generated with our free tool, providing insights into possible vulnerabilities.

Conclusion

LDAP injection can be a significant threat to your Laravel applications if left unaddressed. By understanding how the attack works and implementing secure coding practices, you can protect your applications from this dangerous vulnerability. Additionally, our free Website Security Checker can help you identify and resolve LDAP injection issues, ensuring your website stays secure.

For more detailed cybersecurity insights and best practices, visit our blog at Pentest Testing Corp Blog.

Laravel 8 in Tamil - What is Facade? How to create a Facade?

Phpstorm Xdebug Laravel

Phpstorm Xdebug Laravel Tutorial

Phpstorm Xdebug Laravel Artisan Serve

Xdebug Phpstorm Cli

Integrate Xdebug with the PHP interpreter Open the active php.ini file in the editor: In the Settings/Preferences dialog Ctrl+Alt+S, click PHP. On the PHP page that opens, click next to the CLI Interpreter field. I have a AngularJS + Laravel application and not able to setup debugging. On project root folder I have a PHP file and the debugger breaks at this file always. I use PHPStorm and have unchecked the '.

Features

Lots of PHP developers create their applications using Laravel, a free, open source PHP web application framework. It is built on top of several Symfony components, and provides a development framework that makes common tasks such as authentication, routing, sessions and caching much easier to implement.

Last summer, we introduced support for Blade, the template language used by Laravel. Recoverit download mac. Support for artisan, the command line tool for Laravel developers, is baked into PhpStorm as well. Using the Laravel plugin and the Laravel IDE helper, we can further extend PhpStorm’s support for Laravel applications. Let’s see how!

The Laravel IDE Helper

After making sure Composer is available for use in our project, we can install the Laravel IDE helper into our project using the Composer | Add dependency… context menu. We can search for barryvdh/laravel-ide-helper and click Install to download the package and add it to our project.

After registering the ‘BarryvdhLaravelIdeHelperIdeHelperServiceProvider’service provider in our application and running artisan ide-helper:generate, PhpStorm will have code completion support and syntax highlighting for many of Laravel’s facades.

The Laravel Plugin for PhpStorm

To further enhance the Laravel experience, we can also install the Laravel Plugin. Under Settings (Preferences) | Plugins, click the Browse repositories… button and search for Laravel. The Install plugin button will download and install the plugin into our IDE.

Restart the IDE and enable the plugin under Settings (Preferences) | Other Settings | Laravel Plugin | Enable Plugin for this Project. All of a sudden, PhpStorm will know what all Laravel facades do, and provide code completion for controllers, views, routes, configuration, translations and many other things!

There’s not only code completion… We can navigate to these items as well! Using Ctrl+Click (CMD+Click on Mac OS X) or Go To Declaration (Ctrl+B / CMD+B), PhpStorm will navigate us to where, for example, a configuration entry is declared.

Working in Blade templates? The Laravel plugin also enhances that experience, for example with code completion for @section directives.

Anxious to learn more? Check our Laravel tutorial, which covers getting PhpStorm ready for Laravel development, code completion, navigation, automatic code inspections, command line tool support, debugging and unit testing!

Are you a Laravel developer? Give PhpStorm 8 a try! We have an elaborate tutorial on Laravel support in PhpStorm which will help you get the most out of our IDE. Your feedback is very welcome through the issue tracker, by posting in the comments below, or in our forums!

Develop with pleasure! – JetBrains PhpStorm Team

Stef Rouschop

min read

TLDR;

This guide will make you install Xdebug on your Mac without the performance downsides, but still being able to use all the Xdebug goodnesses. Most Xdebug setups only allow you to use it through a web browser plugin. This is not helpful when you’re following a TDD approach. So we’ll get it to work right from your tests in PhpStorm, no browser needed!

Having tests is awesome!

I’m a huge fan of tests in Laravel and try to develop as much as possible using the TDD approach. When a project grows over the years, your tests are becoming like a guard that will tell when you messed up functionality by adding or changing some code later on. This gives a peace of mind and has saved my bacon many times already.

PhpStorm has a great GUI for running PHPUnit tests where you’re able to click directly on the links to the scripts where a test fails. I love this workflow and I’ve never used phpunit on the command line since. Praat phonetics. However, when your tests fail, it can become somewhat cumbersome to figure out what is going on. The first thing I always do is add ->dump() to the request, that will point me in the right direction most of the time. But there are cases where you really need to dig into the code. This is where I previously placed some dd() in the code and then tried to follow the steps. Raise your hand if you’ve been there 🤚!

Xdebug is a wonderful tool that can help you with that, but I previously used it a long time ago with a browser plugin. Since PHPUnit gets really slow when Xdebug is installed and it also impacts the composer performance, I removed it from my system and never used it since. Until I recently discovered ���on-demand Xdebug” in PhpStorm! This will not enable Xdebug by default, and will only use it when you need to.It’s really simple to set up and I love using it! You can also use it directly in your tests, so you don’t have to recreate the situation in your browser. I’ll show you how to install and use it in this article.

Install

In our company we only use Mac’s, I have no idea how to set this up on Windows, so you’ll have to google around if that’s your case. For Linux, it will more or less be the same (except for PHP installation) I think.

I’m assuming you’ve been using Homebrew to install the latest version of PHP. It’s as simple as brew install php.

Extensions as Xdebug have recently been removed from Homebrew and need to be installed using PECL. Luckily that is also really easy!pecl install xdebugThe install will add a reference to Xdebug in your php.ini file so it will be loaded by default. We don’t want that! So we’ll remove this reference. Here’s how to do it:On your command line enter: php --ini this will give you the path of the php.ini file that is used on your system.

Open the file in an editor of your choice, or use the default editor for this filetype. In the case of our example, we can do this with the command open /usr/local/etc/php/7.2/php.ini. This will open the php.ini file. We can see the reference added by the Xdebug installer on line 1: zend_extension=”xdebug.so”. We need to remove this line so Xdebug is not loaded by default anymore. Twitch deere. There, all done 🥳!

PhpStorm setup

I’ll assume you have a setup for your TDD workflow in PhpStorm. The purpose of this guide is only to extend it with Xdebug. If you don’t have it, here is an old but still relevant video from Laracasts.com: Be Awesome in PHPStorm: Testing in PHPStorm.

We will need to tell PhpStorm where Xdebug is located for using it on demand. In the settings navigate to Languages and Frameworks and then PHP. On the CLI Interpreter click on the … button like in the screenshot.

Now we can specify where Xdebug is located on your system. In our example this is in /usr/local/lib/php/pecl/20170718/xdebug.so, but this path depends on the version and can be different on your system. So be sure to click on the folder icon to navigate through your system and find it.

When the path is correct and you hit the refresh button, you will see the Xdebug version that was found by PhpStorm.

Using it

Phpstorm Xdebug Laravel Tutorial

For sake of simplicity, we’ll create a simple test where we assert the content of two routes. The routes we’re about to test will just return some variables, nothing fancy going on here, you’ll get the idea. Laravel makes creating tests really easy with the artisan helper php artisan make:test TwoRoutesTest.

In the image below you can see how the tests are run when you’ll hit the green “play” button, nothing new here. Did you also know about the SHIFT + CTRL + R shortcut? Place your cursor in a test and hit the shortcut and only this single test will run. When you place the cursor outside of a test, all the tests of this test-file will run. I really love this shortcut 😍!

Now, let's use Xdebug!

Phpstorm Xdebug Laravel Artisan Serve

Go to your code and place some breakpoints on the left side of the lines. They will be marked with red circles when you click them. This time, don’t click the green “play” button, but the red bug on the right side of it.

Xdebug Phpstorm Cli

The test will stop on the first breakpoint. You’ll get a nice overview of all (global) variables in the debug screen. When you press the green “play / pause” button on the left side of the screen you’ll go to the next breakpoint. You can really dig in the code now to figure out where your bugs happen. I won’t go into detail about all the PhpStorm/Xdebug functionality. That might be a completely different blog post.

Happy debugging

I hope this will enhance your debugging workflow as much as it did for me!

Facades or Helpers?

In Laravel code we often use helpers and facades interchangably and many of the facades that are used most in Laravel are also available as Facades

eg.

view('order.show'); view::make('order.show');

This is so prevalent, that I thought that helpers were part of Facades so when I went to create my own facade I couldnt understand why the helper function didnt work.

Slowly it dawned on me this was not the case and what I really needed was a facade and a helper function.

I found this very helpful article on Laravel news

https://laravel-news.com/creating-helpers

This explains very simply what helper functions are, where and how your crate them and how you autoload them.

Now I have a facade and a helper function and I'm happy.

Gates and Policies in Laravel

Today, we're going to discuss the authorization system of the Laravel web framework. The Laravel framework implements authorization in the form of gates and policies. After an introduction to gates and policies, I'll demonstrate the concepts by implementing a custom example.

I assume that you're already aware of the built-in Laravel authentication system as that's something essential in order to understand the concept of authorization. Obviously, the authorization system works in conjunction with the authentication system in order to identify the legitimate user session.

If you're not aware of the Laravel authentication system, I would highly recommend going through the official documentation, which provides you with hands-on insight into the subject.

Laravel's Approach to Authorization

By now, you should already know that the Laravel authorization system comes in two flavors—gates and policies. Although it may sound like a complicated affair, I would say it's pretty easy to implement it once you get the hang of it!

Gates allow you to define an authorization rule using a simple closure-based approach. In other words, when you want to authorize an action that's not related to any specific model, the gate is the perfect place to implement that logic.

Let's have a quick look at what gate-based authorization looks like:

... ... Gate::define('update-post', function ($user, $post) { return $user->id == $post->user_id; }); ... ...

The above snippet defines the authorization rule update-post that you could call from anywhere in your application.

On the other hand, you should use policies when you want to group the authorization logic of any model. For example, let's say you have a Post model in your application, and you want to authorize the CRUD actions of that model. In that case, it's the policy that you need to implement.

class PostPolicy { public function view(User $user, Post $post) {} public function create(User $user) {} public function update(User $user, Post $post) {} public function delete(User $user, Post $post) {} }

As you can see, it's a pretty simple policy class that defines the authorization for the CRUD actions of the Post model.

So that was an introduction to gates and policies in Laravel. From the next section onwards, we'll go through a practical demonstration of each element.

Gates

In this section, we'll see a real-world example to understand the concept of gates.

More often than not, you end up looking at the Laravel service provider when you need to register a component or a service. Following that convention, let's go ahead and define our custom gate in the app/Providers/AuthServiceProvider.php as shown in the following snippet.

<?php namespace App\Providers; use Illuminate\Support\Facades\Gate; use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider; use Illuminate\Http\Request; class AuthServiceProvider extends ServiceProvider { /** * The policy mappings for the application. * * @var array */ protected $policies = [ 'App\Model' => 'App\Policies\ModelPolicy', ]; /** * Register any authentication / authorization services. * * @return void */ public function boot() { $this->registerPolicies(); Gate::define('update-post', function ($user, $post) { return $user->id == $post->user_id; }); } }

In the boot method, we've defined our custom gate:

Gate::define('update-post', function ($user, $post) { return $user->id == $post->user_id; });

While defining a gate, it takes a closure that returns either TRUE or FALSE based on the authorization logic that's defined in the gate definition. Apart from the closure function, there are other ways you could define gates.

For example, the following gate definition calls the controller action instead of the closure function.

Gate::define('update-post', 'ControllerName@MethodName');

Now, let's go ahead and add a custom route so that we can go through a demonstration of how gate-based authorization works. In the routes file routes/web.php, let's add the following route.

Route::get('service/post/gate', 'PostController@gate');

Let's create an associated controller file app/Http/Controllers/PostController.php as well.

<?php namespace App\Http\Controllers; use App\Http\Controllers\Controller; use App\Post; use Illuminate\Support\Facades\Gate; class PostController extends Controller { /* Make sure you don't user Gate and Policy altogether for the same Model/Resource */ public function gate() { $post = Post::find(1); if (Gate::allows('update-post', $post)) { echo 'Allowed'; } else { echo 'Not Allowed'; } exit; } }

In most cases, you'll end up using either the allows or denies method of the Gate facade to authorize a certain action. In our example above, we've used the allows method to check if the current user is able to perform the update-post action.

Users with sharp eyes would have noticed that we've only passed the second argument $post to the closure. The first argument, the current logged-in user, is automatically injected by the Gate facade.

So that's how you're supposed to use gates to authorize actions in your Laravel application. The next section is all about how to use policies, should you wish to implement authorization for your models.

Policies

As we discussed earlier, when you want to logically group your authorization actions for any particular model or resource, it's the policy you're looking for.

In this section, we'll create a policy for the Post model that will be used to authorize all the CRUD actions. I assume that you've already implemented the Post model in your application; otherwise, something similar will do.

The Laravel artisan command is your best friend when it comes to creating stubbed code. You can use the following artisan command to create a policy for the Post model.

$php artisan make:policy PostPolicy --model=Post

As you can see, we've supplied the --model=Post argument so that it creates all the CRUD methods. In the absence of that, it'll create a blank Policy class. You can locate the newly created Policy class at app/Policies/PostPolicy.php.

Let's replace it with the following code.

<?php namespace App\Policies; use App\User; use App\Post; use Illuminate\Auth\Access\HandlesAuthorization; class PostPolicy { use HandlesAuthorization; /** * Determine whether the user can view the post. * * @param \App\User $user * @param \App\Post $post * @return mixed */ public function view(User $user, Post $post) { return TRUE; } /** * Determine whether the user can create posts. * * @param \App\User $user * @return mixed */ public function create(User $user) { return $user->id > 0; } /** * Determine whether the user can update the post. * * @param \App\User $user * @param \App\Post $post * @return mixed */ public function update(User $user, Post $post) { return $user->id == $post->user_id; } /** * Determine whether the user can delete the post. * * @param \App\User $user * @param \App\Post $post * @return mixed */ public function delete(User $user, Post $post) { return $user->id == $post->user_id; } }

To be able to use our Policy class, we need to register it using the Laravel service provider as shown in the following snippet.

<?php namespace App\Providers; use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider; use Illuminate\Http\Request; use App\Post; use App\Policies\PostPolicy; class AuthServiceProvider extends ServiceProvider { /** * The policy mappings for the application. * * @var array */ protected $policies = [ 'App\Model' => 'App\Policies\ModelPolicy', Post::class => PostPolicy::class ]; /** * Register any authentication / authorization services. * * @return void */ public function boot() { $this->registerPolicies(); } }

We've added the mapping of our Policy in the $policies property. It tells Laravel to call the corresponding policy method to authorize the CRUD action.

You also need to register the policies using the registerPolicies method, as we've done in the boot method.

Moving further, let's create a couple of custom routes in the routes/web.php file so that we can test our Policy methods there.

Route::get('service/post/view', 'PostController@view'); Route::get('service/post/create', 'PostController@create'); Route::get('service/post/update', 'PostController@update'); Route::get('service/post/delete', 'PostController@delete');

Finally, let's create an associated controller at app/Http/Controllers/PostController.php.

<?php namespace App\Http\Controllers; use App\Http\Controllers\Controller; use App\Post; use Illuminate\Support\Facades\Auth; class PostController extends Controller { public function view() { // get current logged in user $user = Auth::user(); // load post $post = Post::find(1); if ($user->can('view', $post)) { echo "Current logged in user is allowed to update the Post: {$post->id}"; } else { echo 'Not Authorized.'; } } public function create() { // get current logged in user $user = Auth::user(); if ($user->can('create', Post::class)) { echo 'Current logged in user is allowed to create new posts.'; } else { echo 'Not Authorized'; } exit; } public function update() { // get current logged in user $user = Auth::user(); // load post $post = Post::find(1); if ($user->can('update', $post)) { echo "Current logged in user is allowed to update the Post: {$post->id}"; } else { echo 'Not Authorized.'; } } public function delete() { // get current logged in user $user = Auth::user(); // load post $post = Post::find(1); if ($user->can('delete', $post)) { echo "Current logged in user is allowed to delete the Post: {$post->id}"; } else { echo 'Not Authorized.'; } } }

There are different ways you could authorize your actions using Policies. In our example above, we’ve used the User model to authorize our Post model actions.

The User model provides two useful methods for authorization purposes—can and cant. The can method is used to check if the current user is able to execute a certain action. And the counterpart of the can method, the cant method, is used to determine the inability of the action execution.

Let’s grab the snippet of the view method from the controller to see what exactly it does.

public function view() { // get current logged in user $user = Auth::user(); // load post $post = Post::find(1); if ($user->can('view', $post)) { echo "Current logged in user is allowed to update the Post: {$post->id}"; } else { echo 'Not Authorized.'; } }

Firstly, we load the currently logged-in user, which gives us the object of the User model. Next, we load an example post using the Post model.

Moving ahead, we’ve used the can method of the User model to authorize the view action of the Post model. The first argument of the can method is the action name that you want to authorize, and the second argument is the model object that you want to get authorized against.

That was a demonstration of how to use the User model to authorize the actions using policies. Alternatively, you could use the Controller Helper as well, if you’re in the controller while authorizing a certain action.

… $this->authorize('view', $post); …

As you can see, you don’t need to load the User model if you use the Controller Helper.

So that was the concept of policies at your disposal, and it’s really handy while authorizing a model or a resource as it allows you to group the authorization logic in one place.

Just make sure that you don’t use gates and policies altogether for the same actions of the Model, otherwise it’ll create issues. That’s it from my side for today, and I’ll call it a day!

Conclusion

Today, it was Laravel authorization that took the center stage in my article. At the beginning of the article, I introduced the main elements of Laravel authorization, gates and policies.

Following that, we went through creating our custom gate and policy to see how it works in the real world. I hope you’ve enjoyed the article and learned something useful in the context of Laravel.

For those of you who are either just getting started with Laravel or looking to expand your knowledge, site, or application with extensions, we have a variety of things you can study on Envato Market.

As always, I would love to hear from you in the form of comments using the feed below!

by Sajal Soni via Envato Tuts+ Code http://ift.tt/2iWGhkh

Facades in laravel explained

In general terms, a Facade (pronounced as  /fəˈsɑːd/) is the exterior and front facing side of a building or any thing. Importance of facades are they are easy to notice and more prominent, similarly there is a concept of facades in laravel too. No, we are not developing a building through laravel rather we are going to manage our code readability and build easy to remember syntax of functions and classes through it.

As you know, there are two types of functions in any programming language so do in PHP, which are non static functions and static functions.

Table of Contents

What do we mean by non static functions ?

What are static functions, then ?

What are facades in Laravel ?

Why do we use facades ?

How do I create a facade class and use in my application ?

Conclusion

Objective of this example

Step 1. Create a folder with the name “Facades” in app directory

Step 2. Create 2 Files in Facades directory

Step 3. Add the code in web.php

How to perform CURL requests using ixudra/curl in Laravel

Laravel's ixudra package offers an effective method for making HTTP requests using curl. Use curl to send get and post requests by performing the following actions: - Install the package ixudra/curl. - Adjust the installed package's settings. - In your controller code, import the class. - Use curl to send get and post requests.

Install the ixudra/curl package

Installing ixudra/curl for your application using a composer command is possible and is demonstrated below: composer require ixudra/curl

Configure the installed package

Your app.php file should now include the providers and aliases. The config directory must contain the app.php file. 'providers' => , 'aliases' => 

Import the class in your controller

You must include the class in your controller file as shown below in order to add it to your controller: use IxudraCurlFacadesCurl;

Usage

Create a method called getCurl() in the controller where you wish to implement the curl . Note: You can give the method whatever name you choose, but getCurl() is used in this example. Get request Let's use this package to make a get() request. public function getCURL() { ＄response = Curl::to('https://jsonplaceholder.typicode.com/posts') ->get(); dd(＄response); } The get request is sent in the code above using the Curl:: facade and the to() method, and the response is then dumped. In your situation, you might wish to execute the logic necessary for your application rather than dumping the result. Post request public function getCURL() {     ＄response = Curl::to('https://example.com/posts')                 ->withData()                 ->post();     dd(＄response); } The post request is made in the code above using the to() method, and the withData parameter specifies what data must be provided. The response is dropped once more. The put request in the code above can be replaced with the patch, put, or delete requests. Read the full article